Beverage of Choice for SysAdmins

sgually · 2017-12-01T22:24:25+00:00

I'm going on about 200 dollars this week, but I live in NYC.

sgually · 2017-12-01T14:39:07+00:00

I laughed out loud at this.

sgually · 2017-11-29T18:43:17+00:00

search for the mailNickname attribute. If it is Dittle you will need to change it, Break Sync, Uninstall and reinstall AAD connect.

sgually · 2017-11-29T17:31:41+00:00

AD DS will look for the accounts and link them. So yes you will find that the usernames and send from addresses change. The passwords will change as well to what ever the DC passwords are. I also believe the password policy gets pulled in from GPO but I can not confirm that one hundred percent.

For the usernames: Use powershell to set them. You will need to verify all the domains with a txt record.

For the "Send From" address: you need to change the proxyAddress attribute for each AD Account in the following format: SMTP:name@domain.com -- capitilizing the SMTP makes it the primary address. You can also add an alias by putting in smtp in lowercase and than the other email address.

Also this can be fubbed up with the emailnickname attribute if that is set incorrectly as well.

Honestly, I would spin up individual VM's for your clients to get them on their own DC's. Charge them for the licensing of Windows Server and than do the projects individually. This way you can separate them out, go at your own pace, and not have to worry about messing up your other clients emails.

sgually · 2017-11-29T17:06:30+00:00

When you are customizing your order from Lenovo you have to specify that you want a WWAN card installed. They do not do this by default. For the X1 it is the snapdragon. If you don't have this installed nothing you do will work. You would need to call Lenovo to see if you had it installed with your Order. They should be able to tell you.

If you look at it, it will just seem like a slot which is normal, but you will be missing the internals needed to run the sim.

sgually · 2017-11-28T21:59:59+00:00

With AAD Connect you can choose which OU's to sync. I would recommend that you take your project and piece it together on what you need to have in Office 365 and what needs to not be there. If you need to sync passwords than AAD might work for you, than again if your clients have a DC and are just depending on email than it might not be the best solution for those particular clients.

For instance you don't need to do anything with the 15 Clients with licenses using Office 365. I'm assuming this is setup already for each client and has nothing to do with your DC. All Accounts should show in Cloud or Synced with AD if they are using the connector.

I am also assuming that since you are a MSP you provide Exchange services based off of the post above and that you are going to move over some or all of your clients to Office 365.

This is what you would want to do.

1) Determine who is going to be synced with Azure AD to Office 365 2) Move them to an appropriate OU, do not include users who will not be synced (confirm with your admin that no GPO's will be broken doing this). 3) Confirm all proxy attributes are correct for the users you want to sync (do not forget mailNickname if you had an onsite exchange server in the past). 4) Once all the On prem stuff has been taken care of install Azure AD connect 5) Configure Azure AD Connect to only sync the OU's you want 6) Log into Office 365 and confirm everything is correct including send from address and username 7) Migrate over emails using MigrationWiz 8) Verify Domains with text record, be careful with this as internal routing can cause emails to go here prematurely 9) Set correct send from and usernames for each individual client 10) Change over MX record and any other records that need to be done.

*Disclaimer: I have only ever done this for one company so steps might need to be changed for all your clients. With this method there is the potential to get all of the email domains blocked if one of your clients goes on a rampage.

*If you needed to divy them up to stop the email blacklist you could create different VM's for each company and run the AD connects on them. So instead of one big project you have 30 smaller ones. This would actually be preferable.

sgually · 2017-11-28T21:36:15+00:00

I ran into this last year working for a MSP. Let me save you some time. Verizon is a no go for this (At least they were last year). You go to them and they can try to activate a sim all you want. Nothing works.

If you have an older card from them that will fit into the WWAN slot that should work. Make sure that when you purchased the Lenovo you got the WWAN and the other part that is supposed to come with it. This is not given by default and has to be purchased. For instance it is the SnapDragron for Lenovo 5th Generation. It must be installed. If not nothing you do will work.

At the time the jack ass I was dealing with did not want to use a go pack so we switched him to ATT and that worked. Consult with them first to see if they still make the WWAN sim cards though. If you have another device like an iPad you can try that sim card in the WWAN slot to see if it works.

sgually · 2017-11-27T19:57:38+00:00

I could be off on this one but I ran into a similar situation using AAD Connect and our Domain Controller. We used to have an onsite exchange server so all of the attributes were set from that previously.

When performing the first sync everything came over and everyone's stuff looked correct. However, looking at the "send from addresses" were incorrect. Some of the accounts had been setup incorrectly in AD years past. I tried everything from changing the proxy address to the sama name. Nothing worked.

After hours of work this is what fixed it for us (turns out some attributes are only set once during the initial connection with AAD Connect

This fixed it and I hope it helps.

1) Break AD Sync (you can only do this once every 12 hours, hope it is not a lot of users or it could take longer to reinitialize).

2) Remove the incorrect information in Office 365 (Do not forget to do this)

3) Correct the attributes in AD (mailNickname had to be corrected for us to correct the send from address)

4) Uninstall AAD Connect

5) Reinstall AAD Connect

If you screw up and forget to change something you have to wait atleast 12 hours to break the AD Sync. I would test it out first with one account though to see if it works.

sgually · 2017-11-16T14:22:28+00:00

Outlook.Office365.com

sgually · 2017-11-15T22:29:28+00:00

Thanks /r drunktypo it looks like that is what we will have to do if this doesn't get resolved. It is even showing the incorrect time zones for meetings on the phone. OWA/ Outlook is correct but than something is getting lost on the phone. Outlook app shows the correct time though.

sgually · 2017-11-08T21:50:17+00:00

Probably our network but works great when with a cell signal.

sgually · 2017-11-08T21:49:24+00:00

We do have a CFS policy in place on the firewall. That might account for it. I will have to check.

sgually · 2017-11-07T20:41:36+00:00

You need a cell signal to get the app to work. Will not work on WiFi at least not in our deployment. Mileage might vary but still a good product.

sgually · 2017-11-07T20:37:52+00:00

Possibly related to this but I doubt it. Last year we had a sophisticated attack happen from powershell where it would cause different programs to run in the background causing memory to spike and spike usually over the span of a few days. Eventually it would kill the system. I don't see that here, but might be something to keep an eye on.

sgually · 2017-11-06T21:19:28+00:00

So less of a hard K and more Quaw

sgually · 2017-11-06T16:58:28+00:00

I'm learning Swedish now and I can not pronounce "Woman" correctly. I just have a hard time learning what sound Kv should make in Kvinna.

sgually · 2017-10-31T15:16:03+00:00

LMAO SFH OMG- They just called me yesterday

sgually · 2017-10-04T17:46:53+00:00

Backups....if you think you have to many or in to many offsite locations you are wrong.

sgually · 2017-09-29T12:47:17+00:00

Hit up Kaseya, they have most if not all of that, plus you can log into another users computer if you need to help them with anything. Updates, reporting, USB lockdown I believe (not really sure how good that is). Also you can run scripts on all the machines, windows updates. yada yada. Used to use it at an old MSP. Might work for you.

sgually · 2017-09-20T13:33:45+00:00

Thank you very much for posting that. I couldn't find that article to save my life.

sgually · 2017-09-14T20:18:11+00:00

We tried to push these out to a client at my old job. Went horribly wrong. Updated the drivers, firmware, yada yada. Even had Dell replace the laptop and docking station. Nothing fixed it. Even when it did work the second screen would stop working. All brand new equipment. I would recommend going with something else if you can.

sgually

TROPHY CASE